Oracle.E-Business.Suite.HR.OrgServer.pI.SQL.Injection
Description
This indicates an attack attempt to exploit an Input Validation Error Vulnerability in Oracle E-Business Suite.
The vulnerability is due to use of untrusted user input to build a portion of an SQL query string. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests that will be handled by the OrgServer class. Successful exploitation results in the execution of arbitrary SQL commands against the Oracle E-Business database as the APPS user, effectively allowing full system compromise.
Affected Products
Oracle E-Business Suite 12.1.1-12.1.3
Oracle E-Business Suite 12.2.3-12.2.9
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-05-06 | 15.838 | Default_action:pass:drop |
2020-05-06 | 15.837 | Default_action:drop:pass |
2020-05-06 | 15.836 | Default_action:pass:drop |
2020-04-28 | 15.829 |